nss-pam-ldapd, AD and binding

From: Henrik Grindal Bakken <hgb [at] ifi.uio.no>

To: nss-pam-ldapd-users [at] lists.arthurdejong.org

Subject: nss-pam-ldapd, AD and binding

Date: Wed, 07 May 2014 15:17:24 +0200

Hello. I want to set up pam+nss ldap support against an AD server
(preferably not using e.g. centrify), but I have a bit of a problem.
The AD installation in question does not allow anonymous search, so I
have to bind. I *could* add a bind user with password and all, but this
is quite a lot of pain (I need to change the password of that user all
the time, I need passwords written down, etc, etc).

What I'd like is for my pam module to bind to AD using short form
(username@domain.com or DOMAIN\username) -- which it has[0] -- and the
user's password (which it has). Further, I'd like nslcd to retrieve
enough info at that time so it wouldn't have to look up anything else
(otherwise how would nss later work, since the password is now lost).
In a pinch, nslcd could cache the user password, but that sounds like a
bad idea.

Is this possible?

[0] - It would have to be configurable how to create the short form from
a username, but that's a lot less configuration than a binddn and
bindpw (perhaps not a lot less, but at least it's not a password).
--
Henrik Grindal Bakken <hgb@ifi.uio.no>
PGP ID: 8D436E52
Fingerprint: 131D 9590 F0CF 47EF 7963 02AF 9236 D25A 8D43 6E52
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
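For reference, an added nslcd.conf sketch (not from this thread or the nss-pam-ldapd project) of the bind-account setup the mail describes: nslcd needs credentials that can search, because at PAM time it first looks up the user's DN with them and only then binds as the user with the supplied password, so the search identity cannot be the user's own. Host, DN and group names are placeholders; the commented Kerberos keytab variant is an assumption about an alternative, not something the thread discusses.

```conf
# /etc/nslcd.conf (placeholder values: ad.example.com, DNs, group names)
uri ldaps://dc1.ad.example.com
base dc=ad,dc=example,dc=com
ldap_version 3

# Option A: dedicated read-only bind account, as in the mail. The password
# is stored here, so keep nslcd.conf owned by root, mode 0600, and grant
# the account nothing beyond read access to the user/group subtrees.
binddn CN=nslcd-bind,OU=ServiceAccounts,DC=ad,DC=example,DC=com
bindpw CHANGE-ME-placeholder

# Option B (assumption, not from the thread): let nslcd authenticate with
# Kerberos from a host keytab instead of a stored password; needs a
# credential cache kept fresh (e.g. by k5start).
#sasl_mech GSSAPI
#krb5_ccname /var/run/nslcd/nslcd.tkt

# Map AD's schema onto what NSS expects; only users with POSIX attributes
# are exposed, and computer accounts are excluded.
filter passwd (&(objectClass=user)(!(objectClass=computer))(unixHomeDirectory=*))
map    passwd uid           sAMAccountName
map    passwd homeDirectory unixHomeDirectory
map    passwd gecos         displayName
filter group  (objectClass=group)
map    group  uniqueMember  member

# Authorization at PAM time: only members of this group may log in, even if
# their password is correct.
pam_authz_search (&(objectClass=user)(sAMAccountName=$username)(memberOf=CN=linux-login,OU=Groups,DC=ad,DC=example,DC=com))
```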

This archive was generated using
mhonarc
on Mon Jun 01 04:04:32 2020.